Do not open a public issue for a suspected security problem.

Use a private reporting channel if one is available for this repository, such as GitHub private vulnerability reporting. If no private channel is configured, contact the maintainer privately and include:
- a description of the issue
- affected paths or pages
- reproduction steps
- impact assessment
- any suggested mitigation

If you cannot find a private channel, open a minimal public issue without exploit details and request a private follow-up.

Relevant reports include issues such as:
- cross-site scripting or unsafe HTML injection
- credential, token, or secret exposure
- supply-chain or dependency issues with a clear impact on this site
- deployment or hosting misconfigurations that expose private data or control

Reports will be triaged as quickly as practical. Please avoid disclosing details publicly until a fix or mitigation is in place.